Piwigo Bugtracker

ID: 0001973
Project: Piwigo
Category: security
View Status: public
Date Submitted: 2010.10.29 23:45
Last Update: 2010.10.30 00:37
Reporter: plg
Assigned To: plg
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 2.1.3
Target Version: 2.1.4
Fixed in Version: 2.1.4
Summary: 0001973: [comments.php] SQL query on error (and displayed) when category id is unknown
Description: On comments.php, the category_id is transmitted with a $_GET parameter and if the user sets a non-existing category_id then Piwigo generates an SQL syntax error and the SQL query is displayed.

There is no vulnerability but we should avoid the SQL syntax error if we know the category doesn't exist!
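The pattern described in this report, as an added illustration that is not Piwigo's own code: a comments.php-style handler that splices the raw category_id into the query (so an empty or non-numeric value yields an ill-formed statement whose SQL is then shown to the visitor), beside a hardened form that validates the parameter, uses a bound value and reports an unknown category without running a broken query. Table, rows and inputs are constructed; it runs stand-alone on an in-memory SQLite database.

```php
<?php
// Added illustration, not Piwigo's code: a comments.php-style handler that
// receives category_id from $_GET. Runs stand-alone on an in-memory SQLite
// database with constructed sample rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO categories VALUES (1, 'Holidays'), (2, 'Family')");

// Pattern the report describes: the raw parameter is spliced into the query
// text, so an empty or non-numeric value produces an ill-formed statement,
// and the error handler then shows the failing SQL to the visitor.
function comments_unvalidated(PDO $db, array $get): string {
    $sql = 'SELECT name FROM categories WHERE id = ' . ($get['category_id'] ?? '');
    try {
        $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage() . ' -- query: ' . $sql; // leaks SQL
    }
    return $row ? 'Comments for ' . $row['name'] : 'No such category';
}

// Hardened form: validate the parameter as a positive integer, look the
// category up with a bound parameter, and answer "unknown category" without
// ever building an ill-formed query or echoing SQL text.
function comments_validated(PDO $db, array $get): string {
    $id = filter_var($get['category_id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'Invalid category id';
    }
    $stmt = $db->prepare('SELECT name FROM categories WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? 'Comments for ' . $row['name'] : 'No such category';
}

// Constructed inputs: valid, unknown, empty and non-numeric category ids.
foreach (['1', '999', '', 'abc'] as $value) {
    echo "category_id='$value'\n";
    echo '  unvalidated: ' . comments_unvalidated($db, ['category_id' => $value]) . "\n";
    echo '  validated:   ' . comments_validated($db, ['category_id' => $value]) . "\n";
}
```

Requires the pdo_sqlite extension; the empty and non-numeric inputs are the ones that make the unvalidated handler print its query.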
Tags: No tags attached.
browser: any
Database engine and version:
PHP version:
Web server: Apache 1.3.x
Attached Files:

- Relationships

- Notes
(0004410)
svn (reporter)
2010.10.30 00:33

[Subversion] r7487 by plg on branch 2.1

-----[Subversion commit log]----------------------------------------------------
bug 1973 fixed: avoid SQL syntax error if the category id given in the URL is
unknown.
(0004411)
svn (reporter)
2010.10.30 00:34

[Subversion] r7488 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r7487 from branch 2.1 to trunk

bug 1973 fixed: avoid SQL syntax error if the category id given in the URL is
unknown.


- Issue History
Date Modified Username Field Change
2010.10.29 23:45 plg New Issue
2010.10.29 23:45 plg Status new => assigned
2010.10.29 23:45 plg Assigned To => plg
2010.10.29 23:45 plg browser => any
2010.10.29 23:45 plg Web server => Apache 1.3.x
2010.10.30 00:33 svn Checkin
2010.10.30 00:33 svn Note Added: 0004410
2010.10.30 00:34 svn Checkin
2010.10.30 00:34 svn Note Added: 0004411
2010.10.30 00:37 plg Status assigned => closed
2010.10.30 00:37 plg Resolution open => fixed
2010.10.30 00:37 plg Fixed in Version => 2.1.4


Copyright © 2000 - 2015 MantisBT Team